The U.S. Treasury Department has revealed that a state-sponsored Chinese hacking operation breached its systems through third-party software. This “major incident” allowed the hackers to infiltrate the desktop computers of Treasury employees and access unclassified documents.
China has denied the allegations. A spokesperson for China’s Ministry of Foreign Affairs, Mao Ning, stated, “China consistently opposes all forms of hacking and is firmly against the spread of false information targeting China for political purposes.”
According to a letter from Treasury official Hardikar, the breach occurred through a cloud-based service used by a third-party vendor, BeyondTrust, to remotely provide technical support for Treasury Departmental Offices. The hackers gained access to a key used by BeyondTrust to secure the service, which allowed them to bypass security measures and access the department’s user workstations.
The U.S. Treasury is working with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other members of the intelligence community, along with third-party forensic investigators, to fully assess the incident and determine its impact.
In response to the breach, the compromised BeyondTrust service has been taken offline, and Treasury officials have stated there is no evidence suggesting that the hackers still have access to Treasury systems or information.
The Treasury has emphasized its commitment to defending its systems and data, noting that over the past four years, it has significantly strengthened its cyber defenses. The department will continue to collaborate with both private and public sector partners to protect the financial system from future threats.